Worried about the POODLE vulnerability?

Use our quick check to see if your website is vulnerable

On Tuesday, October 14, 2014, Google released details on the POODLE attack, a padding oracle attack that targets CBC ciphers in SSLv3. The attack is similar, but more practical than the BEAST attack. Adam Langley has published details of the attack. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.

TLS_FALLBACK_SCSV Supported

It looks like your server supports SSLv3. However, you also support the new TLS_FALLBACK_SCSV flag. Remember, your clients and server must both implement the (very new) TLS_FALLBACK_SCSV cipher flag. See here for a ton of information on patching your clients and servers. Learn more.

SSLv3 Still Supported

It looks like your server supports SSLv3 with vulnerable ciphers. Many servers still do so today in order to support clients on Windows XP or other older systems, but you should update your cipher list to prefer safe RC4 ciphers, ideally removing any CBC ciphers.
See here for a ton of information on patching your clients and servers. Learn more.

TLS_FALLBACK_SCSV Not Supported

Your server does not support the new TLS_FALLBACK_SCSV flag. This flag prevents newer clients from being forcibly downgraded to an insecure SSL version. Remember, your clients and server must both implement the (very new) TLS_FALLBACK_SCSV cipher flag. See here for a ton of information on patching your clients and servers.

Vulnerable Ciphers Still Supported:

SSLv3 Not Supported

Good news! Your server does not support SSLv3 with vulnerable ciphers and is not vulnerable to the POODLE attack.

There was an error

We're sorry, but there was an error while checking your server. Are you sure the host supports SSL on that port? Please check your URL or try again later.